Information Security: Introduction and Vulnerabilities

Added on  2022/10/11

AI Summary
This report provides an overview of information security, focusing on email security. It begins with an introduction to information assurance, detailing key features of a secured electronic mailing system such as authentication, message integrity, and non-refutation. The report then explores PGP/S/MIME email securing, including acquiring digital certificates, creating public and private keys, and sending signed and encrypted emails. It identifies common system vulnerabilities like phishing, spamming, denial of service, data leakage, and social engineering. Finally, it outlines countermeasures, including applying the latest email security patches, installing anti-phishing and anti-spam software, encrypting sensitive messages, and educating users on how to handle unsolicited emails. The report references several sources to support its findings.
Running head: Information Security 1
Introduction to Information Assurance
Name of the Student
Name of the Institution
Introduction to Information Assurance
Features of a secured electronic mailing system
1) Authentication. This involves recognizing a user's identity by comparing the set of credentials provided by the user with those in the database.
2) Message Integrity. This involves the process of verifying that data remains unchanged when transferred from one point to another.
3) Non-Refutation. This is a security feature that verifies that the sender is who they claim to be and that the message was intended to be sent to them (Higginbotham, 2002).
4) Firewall. This is software that enforces rules on the incoming and outgoing traffic of data packets.
PGP/S/MIME E-mail securing
1. Acquiring a digital certificate. Such a certificate contains the user's keys, and certificates are obtained through a certification authority. The certificate is then installed in the caches of different browsers.
2. Creation of a public key. The public key is exchanged between two communicating parties that wish to establish a secured connection. Appropriate hashing functions are used to generate public keys applied in the encryption of messages, making them known only to their recipients.
3. Private key generation. A private key is used to decode data or a message that was encrypted using the public key. This decryption is only possible if the private key is known. For security purposes, private keys are kept secret and are only known to the message's recipients (Higginbotham, 2002).
4. Sending a signed email. After acquiring a digital certificate, one can send an email with the digital certificate to certify the message sender and provide the sender's certificate to the intended recipient.
5. Sending an encrypted email. Email clients are able to sign and encrypt any email using simple checkboxes or icons that are toggled on or off. A client can only send an encrypted email to a recipient whose public key is known.
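The five steps above, carried through with the `openssl smime` command line as an added example that is not part of the original report. It assumes self-signed certificates in place of CA-issued ones; the identities `alice` and `bob`, the `example.test` addresses and the message text are constructed for the demo.

```sh
#!/bin/sh
# Added example: S/MIME sign-then-encrypt round trip with the openssl CLI.
# Identities, addresses and message text are constructed for this demo.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Steps 1-3: private key plus certificate carrying the public key.
# Assumption: self-signed here; in practice a certification authority issues it.
make_identity() {  # $1 = short name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1/emailAddress=$1@example.test" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Step 4: sign with the sender's private key; the certificate is attached.
sign_mail() {  # $1 = sender, $2 = plaintext file, $3 = output file
    openssl smime -sign -text -in "$2" -signer "$WORK/$1.crt" \
        -inkey "$WORK/$1.key" -out "$3"
}

# Step 5: encrypt to the recipient's public key, read from their certificate.
encrypt_mail() {  # $1 = recipient, $2 = input file, $3 = output file
    openssl smime -encrypt -aes256 -in "$2" -out "$3" "$WORK/$1.crt"
}

# Recipient side: only the holder of the matching private key can decrypt.
decrypt_mail() {  # $1 = recipient, $2 = input file, $3 = output file
    openssl smime -decrypt -in "$2" -recip "$WORK/$1.crt" \
        -inkey "$WORK/$1.key" -out "$3" 2>/dev/null
}

# Check the signature against the certificate the recipient trusts for $1.
verify_mail() {  # $1 = expected signer, $2 = signed message, $3 = output file
    openssl smime -verify -text -in "$2" -CAfile "$WORK/$1.crt" \
        -out "$3" 2>/dev/null
}

make_identity alice
make_identity bob
printf 'Quarterly figures attached.\n' > "$WORK/msg.txt"
sign_mail alice "$WORK/msg.txt" "$WORK/signed.eml"
encrypt_mail bob "$WORK/signed.eml" "$WORK/enc.eml"
decrypt_mail bob "$WORK/enc.eml" "$WORK/dec.eml"
verify_mail alice "$WORK/dec.eml" "$WORK/out.txt"
echo "signature valid: $(tr -d '\r' < "$WORK/out.txt")"
```

The recipient decrypts first and verifies second, the reverse of the order in which the sender applied the two layers.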
System vulnerabilities
Phishing and spamming. Spamming is the sending of many unsolicited e-mail messages, which can interfere with the efficiency of a user and makes excessive use of IT resources. Phishing is the use of computerized techniques to lure unsuspecting users into replying to the e-mail and revealing sensitive material. The two vulnerabilities are common to email users today.
Denial of service. This refers to the prevention of legitimate users from sending and receiving emails; the attacker tries to restore services and also sends messages to the server to authenticate invalid addresses.
Threat of data leakage. This refers to the interception of messages between the sender and receiver through unprotected communication channels by use of usernames and passwords (Tracy, 2007).
Social engineering. This involves gathering sensitive information from users that will help them perform actions that lead to an attack.
Countermeasures
1. Application of the latest email security patches and operating system updates after the release of a security alert (Stine & Scholl, April 2010).
2. Installation of anti-phishing and anti-spam software that will handle message protection for the users.
3. Sensitive messages are encrypted using PGP or S/MIME; email can be encrypted at the email gateway or server level.
4. Education or training of the users on how to deal with unsolicited emails and attachments from unknown senders.
References
Higginbotham, P. (2002, April 13). Introduction to Security Issues in Email – PGP, S/MIME and SSL. Retrieved from Oxford University Computing Services: http://www.oucs.ox.ac.uk/email/secure
Shacham, H. (2007, October). The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security. Washington, D.C.
Stine, K., & Scholl, M. (2010, April). E-mail Security: An Overview of Threats and Safeguards. Journal of AHIMA 81, 28-30.
Tracy, M. W. (2007, February). Guidelines on Electronic Mail Security. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-45-version2/SP800-45v2.pdf